Loading .env 0 → 100644 +1 −0 Original line number Diff line number Diff line DESIRED_WORKER_ID=1 .gitlab-ci.yml +60 −11 Original line number Diff line number Diff line Loading @@ -3,9 +3,9 @@ stages: - test-package - deploy docker-build-dev: docker-build-commit-non-master-branches: stage: package image: redmic/docker-gitlab image: docker:stable variables: DOCKER_DRIVER: overlay2 services: Loading @@ -14,26 +14,45 @@ docker-build-dev: - branches except: - master - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-pro: docker-build-commit-master-branch: stage: package image: redmic/docker-gitlab image: docker:stable variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - master except: - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container_scanning: docker-tag-already-built-image: stage: package image: docker:stable variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - tags except: - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - docker push ${CI_REGISTRY_IMAGE} container-scanning: stage: test-package image: docker:stable variables: Loading @@ -44,7 +63,7 @@ container_scanning: only: - branches except: - master - schedules script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 Loading 
@@ -55,13 +74,15 @@ container_scanning: - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-backup-db-dev: deploy-dev: stage: deploy image: redmic/docker-gitlab image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${DEV_SSH_REMOTE} Loading 
@@ -73,12 +94,40 @@ deploy-backup-db-dev: - docker:dind script: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} POSTGRES_USER=${POSTGRES_USER} POSTGRES_PASSWORD=${POSTGRES_PASSWORD} POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME} BUCKET_BACKUP_DB=${BUCKET_BACKUP_DB} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} environment: name: dev only: - dev - branches except: - master - schedules when: manual deploy-pro: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${PRO_SSH_REMOTE} STACK: postgres SERVICES_TO_CHECK: postgres_${CI_PROJECT_NAME} IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml services: - docker:dind script: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} POSTGRES_USER=${POSTGRES_USER} POSTGRES_PASSWORD=${POSTGRES_PASSWORD} POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME} BUCKET_BACKUP_DB=${BUCKET_BACKUP_DB} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} environment: name: pro only: - master when: manual Dockerfile +11 −10 Original line number Diff line number Diff line FROM alpine:3.7 LABEL maintainer="info@redmic.es" ENV POSTGRES_PORT="5432" \ POSTGRES_HOSTNAME="postgresql-master" \ POSTGRES_HOSTNAME="postgresql" \ POSTGRES_USER="postgres" \ POSTGRES_PASSWORD="password" \ POSTGRES_PASS_FILE='/root/.pgpass' \ Loading 
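Review bot: In `docker-tag-already-built-image`, `docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}` runs against a fresh `docker:dind` daemon that has never seen that image, so the job fails with "No such image" unless it pulls first; add `docker pull ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}` between the login and the tag. All three package jobs log in with `docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN}`, which places the token on the command line; `echo "${CI_JOB_TOKEN}" | docker login -u gitlab-ci-token --password-stdin ${CI_REGISTRY}` keeps it out of argv. Both deploy jobs hand `POSTGRES_PASSWORD` and `AWS_SECRET_ACCESS_KEY` to `deploy.sh` as positional arguments, where they are readable from the process list and, if deploy.sh forwards them over SSH, may end up in remote shell history; passing them through the job environment instead would avoid that, though whether deploy.sh supports it cannot be seen here. `deploy-pro` also lacks the `except: - schedules` guard the other jobs carry, so a pipeline schedule would create a pending manual production deploy.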
@@ -9,15 +11,14 @@ ENV POSTGRES_PORT="5432" \ AWS_DEFAULT_REGION="eu-west-1" \ AWS_OUTPUT="json" COPY scripts /usr/local/bin COPY scripts / RUN apk add --no-cache postgresql-client \ RUN apk add --no-cache \ postgresql-client \ python3 \ bash && \ pip3 install --no-cache-dir --upgrade awscli && \ rm -rf /var/cache/apk/* && \ mkdir -p $POSTGRES_DUMP_PATH && \ chmod +x /usr/local/bin/*.sh pip3 install --no-cache-dir --upgrade \ awscli ENTRYPOINT ["docker-entrypoint.sh"] No newline at end of file ENTRYPOINT ["/docker-entrypoint.sh"] docker-compose.prod.yml 0 → 100644 +14 −0 Original line number Diff line number Diff line version: '3.5' services: backup-db: deploy: mode: replicated replicas: 1 placement: constraints: - node.role == worker - node.labels.workerid == ${DESIRED_WORKER_ID} restart_policy: condition: on-failure max_attempts: 3 scripts/docker-entrypoint.sh +22 −14 Original line number Diff line number Diff line Loading 
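Review bot: The rewritten RUN drops the `chmod +x /usr/local/bin/*.sh` step while the new `ENTRYPOINT ["/docker-entrypoint.sh"]` relies on the copied file being executable; `COPY scripts /` preserves the mode from the build context, so if `scripts/docker-entrypoint.sh` is not committed as mode 100755 (the diffstat shows no mode change) the container fails with "permission denied" at start. Keep a `chmod +x /docker-entrypoint.sh` in the RUN layer or make the executable bit explicit in git. `pip3 install --no-cache-dir --upgrade awscli` is unpinned, so each build installs whatever awscli is current at that moment; pinning `awscli==<version>` makes the image reproducible and auditable. The unchanged context line `POSTGRES_PASSWORD="password"` bakes a default credential into the image that the entrypoint then writes into `.pgpass`; it predates this change, but removing the default and requiring the value at runtime would be safer.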
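Review bot: `node.labels.workerid == ${DESIRED_WORKER_ID}` depends on compose variable substitution, and the only place the value is defined is the new `.env` file; if `deploy.sh` uses `docker stack deploy` (not visible here), `.env` is not read and only the shell environment is substituted, so the constraint becomes `node.labels.workerid ==` and the service is unlikely to ever schedule. Neither `deploy-dev` nor `deploy-pro` in `.gitlab-ci.yml` passes `DESIRED_WORKER_ID` to `deploy.sh`, so either export it there or make the placement independent of the variable. A comment above the constraint such as `# DESIRED_WORKER_ID must be present in the deploy environment; docker stack deploy does not read .env` would save the next reader the search.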
@@ -4,46 +4,50 @@ export PGPASSFILE="${POSTGRES_PASS_FILE}" NOW_DATE=$(date +%Y-%m-%d_%H_%M_%S) ZIP_FILENAME="${NOW_DATE}-backup.tar.gz" DUMP_FILENAME=${DUMP_FILENAME:-"db.dump"} DUMP_FILENAME="${DUMP_FILENAME:-db.dump}" function check_constraint_variable() { local VALUE=0 if [[ -z "${BUCKET_BACKUP_DB}" ]]; then if [ -z "${BUCKET_BACKUP_DB}" ] then echo "ERROR! Variable BUCKET_BACKUP_DB is empty" VALUE=1 fi if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then if [ -z "${AWS_ACCESS_KEY_ID}" ] then echo "ERROR! Variable AWS_ACCESS_KEY_ID is empty" VALUE=1 fi if [[ -z "${AWS_SECRET_ACCESS_KEY}" ]]; then if [ -z "${AWS_SECRET_ACCESS_KEY}" ] then echo "ERROR! Variable AWS_SECRET_ACCESS_KEY is empty" VALUE=1 fi if [[ "$VALUE" == "1" ]]; then if [ "${VALUE}" = "1" ] then exit 1 fi } function create_pgpass() { echo "${POSTGRES_HOSTNAME}:${POSTGRES_PORT}:*:${POSTGRES_USER}:${POSTGRES_PASSWORD}" > ${PGPASSFILE} chmod 0600 ${PGPASSFILE} } function dump_all() { echo "Creating database backup" pg_dumpall -h ${POSTGRES_HOSTNAME} -U ${POSTGRES_USER} --clean > ${POSTGRES_DUMP_PATH}/${DUMP_FILENAME} } function compress() { echo "Compressing backup" WORKDIR=$(pwd) cd ${POSTGRES_DUMP_PATH} Loading @@ -51,32 +55,36 @@ function compress() { cd ${WORKDIR} } function upload_s3() { echo "Uploading backup to S3" aws s3 cp ${POSTGRES_DUMP_PATH}/${ZIP_FILENAME} s3://${BUCKET_BACKUP_DB} } function clean_dump() { echo "Cleaning temporary files" rm -f ${POSTGRES_DUMP_PATH}/* } mkdir -p ${POSTGRES_DUMP_PATH} check_constraint_variable # Create pgpass file if not exists it if [[ ! -f ${PGPASSFILE} ]]; then if [ ! -f ${PGPASSFILE} ] then create_pgpass fi dump_all if [[ -f ${POSTGRES_DUMP_PATH}/${DUMP_FILENAME} ]]; then if [ -f ${POSTGRES_DUMP_PATH}/${DUMP_FILENAME} ] then compress if [[ -f ${POSTGRES_DUMP_PATH}/${ZIP_FILENAME} ]]; then if [ -f ${POSTGRES_DUMP_PATH}/${ZIP_FILENAME} ] then upload_s3 fi Loading Loading
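Review bot: `dump_all` redirects `pg_dumpall` into `${POSTGRES_DUMP_PATH}/${DUMP_FILENAME}` without checking its exit status, and the main flow only tests `-f` on that file, so a dump that fails midway (auth error, connection drop) still leaves a partial file that is compressed and uploaded as if it were a valid backup; change the line to `pg_dumpall -h "${POSTGRES_HOSTNAME}" -U "${POSTGRES_USER}" --clean > "${POSTGRES_DUMP_PATH}/${DUMP_FILENAME}" || { echo "ERROR! pg_dumpall failed"; exit 1; }` unless the file header, outside this hunk, already sets `set -e`. `check_constraint_variable` does not cover `POSTGRES_DUMP_PATH`, yet `clean_dump` runs `rm -f ${POSTGRES_DUMP_PATH}/*`, which with an empty variable expands to `rm -f /*`; add `: "${POSTGRES_DUMP_PATH:?must be set}"` near the top and quote the expansion. `create_pgpass` writes the password to `${PGPASSFILE}` before the `chmod 0600`, so the file briefly carries umask-default permissions; `umask 077` before the echo, or `install -m 600 /dev/null "${PGPASSFILE}"` first, closes that window. Whether `clean_dump` is invoked at all lies outside the visible hunk.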
.gitlab-ci.yml +60 −11 Original line number Diff line number Diff line Loading @@ -3,9 +3,9 @@ stages: - test-package - deploy docker-build-dev: docker-build-commit-non-master-branches: stage: package image: redmic/docker-gitlab image: docker:stable variables: DOCKER_DRIVER: overlay2 services: Loading @@ -14,26 +14,45 @@ docker-build-dev: - branches except: - master - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-pro: docker-build-commit-master-branch: stage: package image: redmic/docker-gitlab image: docker:stable variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - master except: - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} container_scanning: docker-tag-already-built-image: stage: package image: docker:stable variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - tags except: - schedules script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - docker push ${CI_REGISTRY_IMAGE} container-scanning: stage: test-package image: docker:stable variables: Loading @@ -44,7 +63,7 @@ container_scanning: only: - branches except: - master - schedules script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 Loading 
@@ -55,13 +74,15 @@ container_scanning: - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] deploy-backup-db-dev: deploy-dev: stage: deploy image: redmic/docker-gitlab image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${DEV_SSH_REMOTE} Loading 
@@ -73,12 +94,40 @@ deploy-backup-db-dev: - docker:dind script: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} COMPOSE_FILE=${COMPOSE_FILE} deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} POSTGRES_USER=${POSTGRES_USER} POSTGRES_PASSWORD=${POSTGRES_PASSWORD} POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME} BUCKET_BACKUP_DB=${BUCKET_BACKUP_DB} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} environment: name: dev only: - dev - branches except: - master - schedules when: manual deploy-pro: stage: deploy image: registry.gitlab.com/redmic-project/docker/docker-deploy:latest variables: DOCKER_DRIVER: overlay2 SSH_REMOTE: ${PRO_SSH_REMOTE} STACK: postgres SERVICES_TO_CHECK: postgres_${CI_PROJECT_NAME} IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml services: - docker:dind script: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} POSTGRES_USER=${POSTGRES_USER} POSTGRES_PASSWORD=${POSTGRES_PASSWORD} POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME} BUCKET_BACKUP_DB=${BUCKET_BACKUP_DB} AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} environment: name: pro only: - master when: manual
Dockerfile +11 −10 Original line number Diff line number Diff line FROM alpine:3.7 LABEL maintainer="info@redmic.es" ENV POSTGRES_PORT="5432" \ POSTGRES_HOSTNAME="postgresql-master" \ POSTGRES_HOSTNAME="postgresql" \ POSTGRES_USER="postgres" \ POSTGRES_PASSWORD="password" \ POSTGRES_PASS_FILE='/root/.pgpass' \ Loading @@ -9,15 +11,14 @@ ENV POSTGRES_PORT="5432" \ AWS_DEFAULT_REGION="eu-west-1" \ AWS_OUTPUT="json" COPY scripts /usr/local/bin COPY scripts / RUN apk add --no-cache postgresql-client \ RUN apk add --no-cache \ postgresql-client \ python3 \ bash && \ pip3 install --no-cache-dir --upgrade awscli && \ rm -rf /var/cache/apk/* && \ mkdir -p $POSTGRES_DUMP_PATH && \ chmod +x /usr/local/bin/*.sh pip3 install --no-cache-dir --upgrade \ awscli ENTRYPOINT ["docker-entrypoint.sh"] No newline at end of file ENTRYPOINT ["/docker-entrypoint.sh"]
docker-compose.prod.yml 0 → 100644 +14 −0 Original line number Diff line number Diff line version: '3.5' services: backup-db: deploy: mode: replicated replicas: 1 placement: constraints: - node.role == worker - node.labels.workerid == ${DESIRED_WORKER_ID} restart_policy: condition: on-failure max_attempts: 3
scripts/docker-entrypoint.sh +22 −14 Original line number Diff line number Diff line Loading @@ -4,46 +4,50 @@ export PGPASSFILE="${POSTGRES_PASS_FILE}" NOW_DATE=$(date +%Y-%m-%d_%H_%M_%S) ZIP_FILENAME="${NOW_DATE}-backup.tar.gz" DUMP_FILENAME=${DUMP_FILENAME:-"db.dump"} DUMP_FILENAME="${DUMP_FILENAME:-db.dump}" function check_constraint_variable() { local VALUE=0 if [[ -z "${BUCKET_BACKUP_DB}" ]]; then if [ -z "${BUCKET_BACKUP_DB}" ] then echo "ERROR! Variable BUCKET_BACKUP_DB is empty" VALUE=1 fi if [[ -z "${AWS_ACCESS_KEY_ID}" ]]; then if [ -z "${AWS_ACCESS_KEY_ID}" ] then echo "ERROR! Variable AWS_ACCESS_KEY_ID is empty" VALUE=1 fi if [[ -z "${AWS_SECRET_ACCESS_KEY}" ]]; then if [ -z "${AWS_SECRET_ACCESS_KEY}" ] then echo "ERROR! Variable AWS_SECRET_ACCESS_KEY is empty" VALUE=1 fi if [[ "$VALUE" == "1" ]]; then if [ "${VALUE}" = "1" ] then exit 1 fi } function create_pgpass() { echo "${POSTGRES_HOSTNAME}:${POSTGRES_PORT}:*:${POSTGRES_USER}:${POSTGRES_PASSWORD}" > ${PGPASSFILE} chmod 0600 ${PGPASSFILE} } function dump_all() { echo "Creating database backup" pg_dumpall -h ${POSTGRES_HOSTNAME} -U ${POSTGRES_USER} --clean > ${POSTGRES_DUMP_PATH}/${DUMP_FILENAME} } function compress() { echo "Compressing backup" WORKDIR=$(pwd) cd ${POSTGRES_DUMP_PATH} Loading @@ -51,32 +55,36 @@ function compress() { cd ${WORKDIR} } function upload_s3() { echo "Uploading backup to S3" aws s3 cp ${POSTGRES_DUMP_PATH}/${ZIP_FILENAME} s3://${BUCKET_BACKUP_DB} } function clean_dump() { echo "Cleaning temporary files" rm -f ${POSTGRES_DUMP_PATH}/* } mkdir -p ${POSTGRES_DUMP_PATH} check_constraint_variable # Create pgpass file if not exists it if [[ ! -f ${PGPASSFILE} ]]; then if [ ! -f ${PGPASSFILE} ] then create_pgpass fi dump_all if [[ -f ${POSTGRES_DUMP_PATH}/${DUMP_FILENAME} ]]; then if [ -f ${POSTGRES_DUMP_PATH}/${DUMP_FILENAME} ] then compress if [[ -f ${POSTGRES_DUMP_PATH}/${ZIP_FILENAME} ]]; then if [ -f ${POSTGRES_DUMP_PATH}/${ZIP_FILENAME} ] then upload_s3 fi Loading